Vulnerabilities > CVE-2001-0870 - Remote Network Log Viewing vulnerability in Alchemy

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

alchemy-lab

dek-software

NVD

Published: 2001-12-21

Updated: 2017-12-19

Summary

HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.

Vulnerable Configurations

Part	Description	Count
Application	Alchemy_Lab Alchemy LAB Alchemy EYE 1.9 Alchemy LAB Alchemy EYE 2.0 Alchemy LAB Alchemy EYE 2.1 Alchemy LAB Alchemy EYE 2.2 Alchemy LAB Alchemy EYE 2.3 Alchemy LAB Alchemy EYE 2.4 Alchemy LAB Alchemy EYE 2.5 Alchemy LAB Alchemy EYE 2.6 Alchemy LAB Alchemy EYE 2.6.18	9
Application	Dek_Software DEK Software Alchemy Network Monitor *	1

Summary

Vulnerable Configurations

References